Security researchers uncover a new Android malware family using TensorFlow AI to autonomously interact with hidden browser ads, distributed through Xiaomi's app store and third-party platforms.
Security researchers at Doctor Web have uncovered a sophisticated Android malware family leveraging artificial intelligence to execute covert click fraud, marking a significant evolution in mobile ad fraud techniques. This discovery reveals how cybercriminals are weaponizing machine learning frameworks to bypass traditional security measures.
The malware utilizes TensorFlow.js, Google's open-source machine learning library, to visually analyze advertisements within hidden browser sessions. Unlike conventional click-fraud trojans that rely on predefined scripts, this variant employs computer vision to dynamically identify and interact with ad elements. According to Doctor Web's analysis, the malware operates in two distinct modes:
- Phantom Mode: Creates an invisible WebView browser that loads target pages, captures screenshots, and uses TensorFlow models to detect ad elements for simulated taps
- Signaling Mode: Streams real-time browser activity to attackers via WebRTC, enabling manual interaction like scrolling and text entry
Distributed primarily through Xiaomi's official GetApps store, the malware initially hides in seemingly legitimate gaming applications that later receive malicious updates. Some infected titles include:
- Theft Auto Mafia (61,000+ downloads)
- Cute Pet House (34,000+ downloads)
- Creation Magic World (32,000+ downloads)
Third-party distribution channels pose even greater risks, with compromised versions of popular apps circulating on:
- Modded APK sites (Moddroid, Apkmody)
- Telegram channels distributing "Spotify Pro" and "YouTube Mod" variants
- A Discord server promoting "Spotify X" to 24,000 subscribers
"These apps often retain partial functionality, which significantly reduces user suspicion," noted Doctor Web researchers. The malware's hidden operation in virtual screens leaves no visible traces, though victims may experience:
- Abnormal battery drain
- Unexpected mobile data consumption
- Potential long-term device performance degradation
While click fraud doesn't directly compromise personal data, it represents a lucrative criminal enterprise costing advertisers billions annually. Mobile security experts recommend these protective measures:
- Avoid third-party app stores: Especially for modified versions of premium services
- Scrutinize app permissions: Question why simple games request accessibility services
- Monitor data usage: Unexplained spikes may indicate background malware activity
- Maintain security updates: Ensure Android OS and security patches are current
As ad networks enhance fraud detection, cybercriminals increasingly turn to AI-powered methods that mimic human behavior. This discovery underscores the need for security solutions capable of detecting machine learning-based threats at the device level.
Relevant resources:
Comments
Please log in or register to join the discussion